{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33287", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-18T18:55:47.426Z", "datePublished": "2026-03-26T00:33:20.024Z", "dateUpdated": "2026-03-26T15:02:26.164Z"}, "containers": {"cna": {"title": "LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/harttle/liquidjs/security/advisories/GHSA-6q5m-63h6-5x4v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/harttle/liquidjs/security/advisories/GHSA-6q5m-63h6-5x4v"}, {"name": "https://github.com/harttle/liquidjs/commit/35d523026345d80458df24c72e653db78b5d061d", "tags": ["x_refsource_MISC"], "url": "https://github.com/harttle/liquidjs/commit/35d523026345d80458df24c72e653db78b5d061d"}], "affected": [{"vendor": "harttle", "product": "liquidjs", "versions": [{"version": "< 10.25.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T00:33:20.024Z"}, "descriptions": [{"lang": "en", "value": "LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the matched substring. The filter only charges `memoryLimit` for the input string length, not the amplified output. An attacker can achieve exponential memory amplification (up to 625,000:1) while staying within the `memoryLimit` budget, leading to denial of service. Version 10.25.1 patches the issue."}], "source": {"advisory": "GHSA-6q5m-63h6-5x4v", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/harttle/liquidjs/security/advisories/GHSA-6q5m-63h6-5x4v", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T14:13:05.937301Z", "id": "CVE-2026-33287", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T15:02:26.164Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33287", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T14:13:05.937301Z"}}}], "references": [{"url": "https://github.com/harttle/liquidjs/security/advisories/GHSA-6q5m-63h6-5x4v", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T14:18:41.797Z"}}], "cna": {"title": "LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern", "source": {"advisory": "GHSA-6q5m-63h6-5x4v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "harttle", "product": "liquidjs", "versions": [{"status": "affected", "version": "< 10.25.1"}]}], "references": [{"url": "https://github.com/harttle/liquidjs/security/advisories/GHSA-6q5m-63h6-5x4v", "name": "https://github.com/harttle/liquidjs/security/advisories/GHSA-6q5m-63h6-5x4v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/harttle/liquidjs/commit/35d523026345d80458df24c72e653db78b5d061d", "name": "https://github.com/harttle/liquidjs/commit/35d523026345d80458df24c72e653db78b5d061d", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the matched substring. The filter only charges `memoryLimit` for the input string length, not the amplified output. An attacker can achieve exponential memory amplification (up to 625,000:1) while staying within the `memoryLimit` budget, leading to denial of service. Version 10.25.1 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T00:33:20.024Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33287", "state": "PUBLISHED", "dateUpdated": "2026-03-26T15:02:26.164Z", "dateReserved": "2026-03-18T18:55:47.426Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T00:33:20.024Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the matched substring. The filter only charges `memoryLimit` for the input string length, not the amplified output. An attacker can achieve exponential memory amplification (up to 625,000:1) while staying within the `memoryLimit` budget, leading to denial of service. Version 10.25.1 patches the issue."}], "id": "CVE-2026-33287", "lastModified": "2026-03-26T15:16:38.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-26T01:16:27.530", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/harttle/liquidjs/commit/35d523026345d80458df24c72e653db78b5d061d"}, {"source": "security-advisories@github.com", "url": "https://github.com/harttle/liquidjs/security/advisories/GHSA-6q5m-63h6-5x4v"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/harttle/liquidjs/security/advisories/GHSA-6q5m-63h6-5x4v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.25.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "liquidjs", "source": "cna", "vendor": "harttle"}, "product": "liquidjs", "vendor": "harttle"}], "analysis": {"en": {"generated_at": "2026-03-26T03:12:12.042946+00:00", "value": {"mitigation_remediation": ["Update LiquidJS to version 10.25.1 or later to apply the fix.", "If an update is not immediately possible, restrict usage of the replace_first filter or strip out $& patterns from templates."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via memory exhaustion"}, "threat_synthesis": {"affected_systems": "Systems that ship with LiquidJS earlier than version 10.25.1 \u2013 such as the versions maintained by Harttle \u2013 are affected. The issue is present in all installations of LiquidJS where the replace_first filter is used with $& patterns and no patch has been applied. Updating to version 10.25.1 or later removes the vulnerability.", "description_and_impact": "LiquidJS, a JavaScript template engine used by Shopify and GitHub Pages, contains a bug in its replace_first filter that can cause exponential memory amplification. When a template uses the pattern $& within the replace_first filter, JavaScript interprets it as a back reference to the matched substring. The filter only charges the memory limit for the original input string, not the amplified output, allowing an attacker to craft a template that grows the output by a factor of up to 625,000:1 while staying within the configured memory budget. The result is an out\u2011of\u2011memory failure that leads to denial of service.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.5, indicating high severity, and is not listed in the CISA Known Exploited Vulnerabilities catalog. Because the exploit requires using the replace_first filter with a $& pattern, it is likely that the attack vector is through delivery of crafted template content, such as malicious user input or possibly an adversary modifying templates stored on the server. The exploit is feasible in environments where the template engine processes untrusted input, but it does not provide execution of arbitrary code or privilege escalation. Based on the description, it is inferred that the primary risk is denial of service rather than direct compromise of confidentiality or integrity."}}}}, "created": "2026-03-26T11:30:53.946049+00:00", "updated": "2026-03-26T12:08:55.732136+00:00", "vendors": ["harttle", "harttle$PRODUCT$liquidjs"]}